My ADA was s stolen from Yoroi Shelley Wallet

Yes, u must set up the ledger then:

  • install cardamo app on ledger
  • install yoroi browser extension
  • connect the ledger to yoroo ( just choose new wallet - connect ledger)
  • on yoroi you should see the word ledger to wallet name
  • send 10 ADA for test
  • connect the ledger on adalite.io amd if u see the 10 ADA it meams is fine and u can send all funds except 1 ADA
  • delegate the ledger
  • for the simple wallet wait 2-3 epochs till u will receive all rewards (the rewards are delayed by 2 epochs so for the next 2-3 epochs u will still receive the rewards inside your ols wallet
  • then deregister the stake address to receive back 2 ADA
  • move all ADA to ledger
  • that’s all

Cardano is so easy. Just follow these 10 non obvious steps and wait max 3 epochs (about 15 days) :slightly_smiling_face:

Hi, Jeff. My problem is similar to yours in that all of my staked ADA principal was stolen from my Yoroi Wallet (Shelley version) and only a tiny bit of rewards “pocket change” remains in my account. Here’s what’s different: I did not store my seed phrase or password on the computer that I use to access my Yoroi wallet. So, it seems to me that the security issues for Yoroi are not all solved yet. So far, all of my funds remain secure in every other online wallet/exchange platform that I regularly use: Coinbase Consumer, Coinbase Pro, Coinbase Wallet, MetaMask, Keplr, Brave Wallet, etc. All of that said, crypto infrastructures and our understanding of how it all works is still unfolding. But because DeFi/CeFi remain on the “Wild West” frontier edge of the investment world, I treat my crypto investing as a learning experience, understanding that I’ll win some and lose some as I improve my odds of winning through studying, giving it a go, and increasing my mental and emotional dexterity and sixth-sense acuity for sorting out what works and what doesn’t. Plus, I always remind myself only to invest what I can afford to lose. It sucks when an investment unexpectedly goes up in smoke, but in my book, crypto in general is still worth the price of admission, because cryptocurrency is the future of finance and the more we learn and earn now, the better off we’ll be as the market matures.

I am also very newbie here, but I think that you are misunderstanding transaction under UTxO model.

For instance, let’s see your transaction of 90,668ADA…

https://explorer.cardano.org/en/transaction?id=54c937edbc401b54bc5f1861af5617b2ce86ca70906c6c8e79585fc10643b168

I guess that you sent 132 ADA to your wallet. Am I right? I don’t see any issue here under UTxO model.
You may read the following article:

… For example, let’s say you have a Cardano wallet with 10,000 ADA and you want to send 3,000 ADA to your spouse. For the sake of simplicity, in this example, we will use whole numbers and forget about network fees normally incurred by transactions. Now let’s assume that your underlying total amount of ADA in your wallet is actually composed of three separate UTxOs that add up to 10,000 ADA. You might have 4,000 ADA in one UTxO, 2,000 ADA in another UTxO, and 4,000 ADA in another. The transaction will need to send 3,000 ADA to your spouse from one of the UTxOs containing 4,000 ADA and it will also need to send 1,000 ADA back to your wallet as a “change address.” …

Hence, 90,536 ADA is not yours. If I guess, it could be ADAs in a wallet of exchange (ex, coin base, binance, etc.)

Hi Guys
Same issue here 5k ADA gone few days ago from my Yoroi wallet while been staked and only a tiny bit of rewards 18 ADA remains in my account. I did not store my seed phrase or password on the computer that I use to access my Yoroi wallet. All my other conis like Luna Matic etc staked with no problem ,no replay from support yet …but i am loosing my hope every day Below transaction detals that was not mine Transaction ID

Go to CardanoScan explorer

538b2f479d02c022b550ed6e4602721e0e9dfe64c47953bec673560eef722391

This is very unfortunate :neutral_face: and how it stands you probably can’t do much :confused:

The following won’t help you retrieve the tokens but just want to mention that using and software wallet has a greater risk of being successfully attacked than a hardware wallet, cold storage, paper keys. For holding larger amounts of ADA I strongly suggest not to use a software wallet.

Reason: Software wallets store the private keys encrypted on the device (computer, phone). When needed those keys are decrypted using the spending password. There are multiple attack vectors against software wallets:

  • Computer infected with malware that acts as a key logger or clipboard hijacker and so capturing the spending password
  • Malware that does a brute force dictionary attack on the encrypted file. It may take hours, days or months to unlock the file, but thieves are not in a hurry
  • Malware that hijacks the clipboard so when pasting the recipients address it pastes the hacker’s address (check the address multiple times before doing a transaction)
  • Infected computer might show the expected address in the wallet while actually sending to hacker’s address
  • I guess there are many more attack options…

Using a hardware wallet those keys are kept on a hardware device so it’s much harder to get to them, even if the computer is infected. Replacing the recipient address can be discovered on hardware wallet as it displays it on the display before confirming the transaction (always verify address before confirmations)

Using cold storage (air gapped machine) for keys would require CLI skills but if just holding and staking you could delegate once and forget about it for some time.

So to sum up, I’d keep small amounts of ADA on a software wallet for “day to day” use, as there is greater possibility of theft. For the other, significant amount of ADA, I’d use a hardware wallet or air gapped machine.

With the address change, verifying helps, and a hardware wallet should be pretty safe. But how could you prevent that someone changes the source of the address which you verify? Like a malware could change the address already in the browser when you open your deposit page of an exchange. Nothing would prevent this currently.

@frank2 That’s true. I don’t know of a better solution than sending a small amount first for testing.

Right, that’s what I do always. But after thinking about it, a 2FA like approach would be a good protection: Login from another device to the exchange as well (like from mobile if you use PC usually and vice versa), and compare the receiving address. And for the other direction: install your wallet on 2 devices (one need to be read-only only, so it can’t be used to send money from) and check the test transfer. Might be paranoid, but better safe than sorry, if you transfer lots of money :slight_smile:
Would be nice, if wallets and blockchains would have a 2FA concept integrated.

Sounds overly complicated. Why not just put it in a bank lock box or with a private company that the feds can’t gain entry to ?

"Regarding the seed phrases. There are many methods of how to store it, I guess those could be easily googled.

For those who are not sure what I mean when I mention RAID5 analogy:

Split the words into 3 chunks. In the case of 24 words: Chunk1 contains the first 8 words, Chunk2 the seconds 8 words, Chunk3 the last 8 words.
Take 3 papers.
On Paper1 write Chunk1 and Chunk2
On Paper2 write Chunk1 and Chunk3
On Paper3 write Chunk2 and Chunk3
Store Paper1 at your place, Paper2 at your parents place, Paper3 at some other secure place

To be able to restore the phrase you will need papers from at least 2 locations. If one paper gets lost you will still have the other 2.

This can be extended further to something like RAID6 where we have 4 chunks and store 4 papers at 4 locations which allows us to lose 2 papers and still recover the phrase…"

I think it adds to the protection against theft, possible damage (fire, flood, etc…), or access restriction in the case of a 3rd party keeper. But yeah, it’s just one of many possible ways to store the seed phrase safely and everyone should choose the one which fits the best :beers:

Yea, I agree more than 1 location is ideal to mitigate potential damage from fire and flood.

Unfortunately my ADA was stolen in the last week. I’m heart broken to say the least. They say that exchange is the easiest place for your crypto to be taken. Yet it hasn’t happened once to me there. I’ve now had 5 BNB taken on Trust. 765 ADA taken last Friday. I’m really about done with crypto because I’m tired of my coins being taken. Sad thing is I’m down to around $200 left in crypto after spending every dollar extra I had this year to buy. I was about to trade my BNB in and buy all the ADA I could with it. I’ve never felt so hopeless. I expected more from Emergo and IOHK. I feel that they should have more responsibility than none at all. I downloaded my wallet straight from Yoroi. Never had used computer for anything at all. Had just bought it and the next day it’s all gone. Feels like Yoroi or Gateway one dropped the ball. Maybe my internet provider. Any advice would be appreciated. That way it doesn’t happen again. I’ve really have had it to be honest.

It is impossible that it gets stolen because of the internet provider. Do you have the download link from where you loaded the program? I guess it is some kind of malware. Can you install some anti-virus program and check your computer? Also where did you store your passphrase?

And just for information, please post your spending password (of course change it first for your wallet, and on any other services where you use the same, which you shouldn’t do anyway). I think an unsafe spending password in combination with malware is the most probable cause for most thefts. I can then run it with password crackers to check how safe it is.

Brand new computer and the only thing I had done was make sure that it had
protection. It has Norton 360 and I just made sure that it still says it
has no virus or malware. I went to Yoroi website and downloaded from there.
I did collect my rewards because I was going to switch staking pools. Then
3 days later it disappears. It’s almost like they sent it to wrong address
or something. Which I don’t believe is possible. No one has access to my
seed phrase. Had it in my safe and then to top that off. Doesn’t say
anything about crypto or wallet. Just 15 random words wrote on a page.
Something really doesn’t make sense. I’m so confused as to how this person
or people was able to hack into my wallet. I’ll send their address and
maybe you can figure it out. I don’t even use my crypto wallets on my phone
because I was so worried about losing my phone and someone being able to
hack into any wallet that I had. I also can’t understand why they wouldn’t
steal the $1000 I had in trust wallet. If you hacked into one wallet. Why
would you not just take from it as well. I’m going to send address and
maybe you might be able to figure it out. I’m thinking it was sent to wrong
address or some how Yoroi is unsafe. I’m very upset and if I would have
known that it was that easy to take. I think I would have bought another
crypto.

This is really strange. But I still think it might be a problem because of the spending password in most cases. Can you post your password (after you changed it everywhere where you use it, which should be really just the one wallet, and replacing confidential things like birthday date etc., which you also shouldn’t use) ? If it is for example just one normal word with a number, it will be cracked in seconds.

But this means that there would be some malware on your PC. When you bought the computer, did you do a fresh OS installation, and did you install other programs or surf the web later with it? I guess the police wouldn’t do anything for such a relatively low amount of money, like a forensic analysis of the computer. You could try to scan it with other anti-virus programs as well, like the free Avira. And do a full scan. If your spending password is safe, and there is no malware on your PC, then there might be really some problem with the Yoroi wallet, or the blockchain itself (which I think is very unlikely).

There is something seriously wrong with Yoroi. If we follow the trend, hardly anyone reports ADA being stolen using Deadalus. Each person was using Yoroi. It includes me

My SEED phrase being stolen is not possible. That out of the picture, the spending password is not at fault as the computer with the Yoroi Chrome extension was off at the time the stolen 3 transactions of 100k + 100k + 85k took place

So I lost 285k ADA in 3 transactions within 5 minutes on 03.10.2021
They were moved from my Yoroi wallet to the address as in the link:

I had been accumulating ADA since last 4 years
Its like my life is over, for no fault of mine
My SEED phrase is not compromised
Then how did all the ADA just go away in 3 transactions?
Who made these transactions and how did the he/she/bot have access without the seed phrase or the computer being ON?
Like seriously, what the hell is happening???
And if there is a human involved is he crazy losing close to 1200 ADA per month not staking it??? All the 285k ADA was transferred within 10 min. in a single transaction to a new address where it sits unstaked since more than 5 weeks as seen in the link:

Why did he/she/bot not withdraw the 8xx ADA rewards if they had the seed phrase? I withdrew them as I have my seed phrase and complete access to my wallet
Why did they make 3 transactions instead of a single one to transfer all the ADA?

Just because we can be blamed saying that we don’t know how to keep our seed phrase safe doesn’t mean that is the reason even though it seems so. How can Yoroi be at fault. How can the Cardano blockchain be at fault. It has to be us only??? NO. Yoroi needs to study their wallet code and try and understand how so many people without a compromised security position are all losing their ADA???

If there is malware on your computer, then probably they stole your wallet file and brute-forced the spending password offline, which would explain that it needed some time to transfer the Ada. I still think it is weak passwords in most cases, because the Yoroi wallet software allows very weak passwords (like all "1"s). And the rest is probably malware which installs keyloggers to capture the spending password or seed.

But right, it is strange that they don’t stake it or transfer it to an exchange and it is just sitting there for a month. Maybe they wait until they find a something to money launder it, and they don’t want to initiate a transfer, which could get them caught, if the exchanges are monitored. Or they got already caught meanwhile, or killed by other criminals, and the malware was still active.

This is really a lot of Ada. Did you report it to the police or some security researcher? For this amount it is worth to do a forensic analysis of your computer, which might help to find the thief. I can’t do it, but there are private investigators with cyber criminality experience as well.

PS: it was one transaction, with 3 inputs. I don’t know the details of the Cardano network, but I guess it needs to specify each input separately, to which you transferred it initially.

I understand the Cardano blockchain basics and I m sure its 3 transactions